Log in to the API Store (https://<hostname>:9443/store) and click on an API (e.g.,PhoneVerification 1.0.0) to open it.

Tip: In a multi-tenanted API Manager setup, you can access any tenant's store using the URL http://<hostname>/Store?tenant=<tenant_name>.

Note the subscription options on the API's Overview page.

Click the My Applications menu and create a new application.

Tip: Instead of creating a new application, you can also use the default application.

Go back to the API's subscription options and select the application you just created, a tier and click Subscribe.

Click the Go to My Subscriptions button when prompted. The subscriptions page opens.

Select the application from the drop-down list and click Generate to create an application access token. You can use this token to invoke all APIs that you subscribe to using the same application.

Tip: You can set a token validity period in the given text box. By default, it is set to one hour. If you set a minus value (e.g., -1), the token will never expire.

If you are using the WSO2 Identity Server 5.0.0 (with service pack 1) as the Key Manager for your API Manager deployment, generating keys will result in creation of a Service Provider on the Identity Server.

Install cURL if it is not there in your environment. Note that cURL comes by default in some operating systems. You can also use any other REST client.

To unsubscribe from an API, go to the My Subscriptions menu in the API Store, select the application used for the subscription, find the API under the Subscribed APIs section and click the delete icon associated with it.

If you unsubscribe from an API and then resubscribe with a different tier, it takes approximately 15 minutes for the tier change to be reflected. This is because the older tier remains in the cache until it is refreshed periodically by the system.